diff options
| author | Nils Adermann <naderman@naderman.de> | 2013-04-24 09:45:34 -0700 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2013-04-24 09:45:34 -0700 |
| commit | 3e32655c7f22ce9aff7bafdbab6d556879b5fcf9 (patch) | |
| tree | 20853ed2664b6e28d5a2f42ee94ab8418b689629 /phpBB/common.php | |
| parent | ab628cbdb99eda1c3efbbca7e374f64876800428 (diff) | |
| parent | 16e70fa08610227d96e149eba2019803ad37c85f (diff) | |
| download | forums-3e32655c7f22ce9aff7bafdbab6d556879b5fcf9.tar forums-3e32655c7f22ce9aff7bafdbab6d556879b5fcf9.tar.gz forums-3e32655c7f22ce9aff7bafdbab6d556879b5fcf9.tar.bz2 forums-3e32655c7f22ce9aff7bafdbab6d556879b5fcf9.tar.xz forums-3e32655c7f22ce9aff7bafdbab6d556879b5fcf9.zip | |
Merge pull request #1290 from nickvergessen/ticket/11362
Correctly sanitise the directory path in finder
Diffstat (limited to 'phpBB/common.php')
| -rw-r--r-- | phpBB/common.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/phpBB/common.php b/phpBB/common.php index c33e2cbb1f..6dd65739fc 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -44,8 +44,11 @@ if (!defined('PHPBB_INSTALLED')) // Replace any number of consecutive backslashes and/or slashes with a single slash // (could happen on some proxy setups and/or Windows servers) $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path); + // Eliminate . and .. from the path - $script_path = phpbb_clean_path($script_path); + require($phpbb_root_path . 'includes/filesystem.' . $phpEx); + $phpbb_filesystem = new phpbb_filesystem(); + $script_path = $phpbb_filesystem->clean_path($script_path); $url = (($secure) ? 'https://' : 'http://') . $server_name; |